Covert channel

They can also be removed manually with a high degree of assurance from secure systems by well-established covert channel analysis strategies.

Covert channels can tunnel through secure operating systems and require special measures to control.

By contrast, secure operating systems can easily prevent misuse of legitimate channels, so distinguishing between the two is important.

Since it is unlikely that legitimate users will check for patterns of file opening and closing operations, this type of covert channel can remain undetected for long periods.

Handel and Sandford presented research in which they study covert channels within the general design of network communication protocols.[6]

They employ the OSI model as a basis for their development, in which they characterize system elements having the potential to be used for data hiding.

Moreover, the generality of the techniques cannot be fully justified in practice since the OSI model does not exist per se in functional systems.

Assuming blocks of various sizes are transmitted on the LAN, the software overhead is computed on average, and a novel time evaluation used to estimate the bandwidth (capacity) of covert channels is also presented.

Focusing on the IP and TCP headers of the TCP/IP protocol suite, an article published by Craig Rowland devises proper encoding and decoding techniques by utilizing the IP identification field, the TCP initial sequence number and acknowledge sequence number fields.

Rowland provides a proof of concept as well as practical encoding and decoding techniques for exploitation of covert channels using the TCP/IP protocol suite.

After Rowland, several authors in academia published more work on covert channels in the TCP/IP protocol suite, including a plethora of countermeasures ranging from statistical approaches to machine learning.
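
As an added illustration of the statistical countermeasures mentioned above (this is not code from the article or from any of the cited authors), the following sketch flags hosts whose observed TCP initial sequence numbers are too regular to be random. It assumes the monitored stacks randomise their ISNs; the function names, thresholds, host addresses and sample values are all constructed for the example.

```python
import math
import random
from collections import Counter

def position_entropies(isns):
    """Shannon entropy in bits of each of the four byte positions across 32-bit ISNs."""
    out = []
    n = len(isns)
    for shift in (24, 16, 8, 0):
        counts = Counter((v >> shift) & 0xFF for v in isns)
        out.append(sum(-(c / n) * math.log2(c / n) for c in counts.values()))
    return out

def flag_hosts(observed, min_samples=32, floor_bits=4.5):
    """observed: {host: [isn, ...]} collected from SYN packets.
    Returns {host: weakest byte-position entropy} for hosts below floor_bits."""
    flagged = {}
    for host, isns in observed.items():
        if len(isns) < min_samples:
            continue  # too few connections for a stable estimate
        weakest = min(position_entropies(isns))
        if weakest < floor_bits:
            flagged[host] = round(weakest, 2)
    return flagged

# Constructed sample data (not captured traffic). The structured stream is a
# stand-in for any non-random field content, not a specific published encoding.
_rng = random.Random(2024)
_text = b"quarterly report draft, do not forward outside the team " * 2
SAMPLE = {
    "10.0.0.5": [_rng.getrandbits(32) for _ in range(64)],  # randomised ISNs
    "10.0.0.9": [b << 24 for b in _text[:64]],              # one text byte, rest zero
    "10.0.0.7": [_rng.getrandbits(32) for _ in range(8)],   # too few samples, skipped
}

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

With 64 samples a uniformly random byte position yields close to 6 bits of entropy, so the 4.5-bit floor leaves a wide margin before a normally behaving host is flagged.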